Vulnerability CVE-2017-14798


Published: 2018-03-01

Description:
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.

See advisories in our WLB2 database:
Topic: PostgreSQL 9.4-0.5.3 Privilege Escalation (Med.)
Author: Johannes Segitz
Date: 14.08.2018

Type: CWE-362

Vendor: Postgresql
Product: Postgresql 
Version:
9.4
9.3.9
9.3.8
9.3.7
9.3.6
9.3.5
9.3.4
9.3.3
9.3.22
9.3.21
9.3.20
9.3.2
9.3.19
9.3.18
9.3.17
9.3.16
9.3.15
9.3.14
9.3.13
9.3.12
9.3.11
9.3.10
9.3.1
9.3.0
9.3
9.2.7
9.2.6
9.2.5
9.2.4
9.2.3
9.2.24
9.2.23
9.2.22
9.2.21
9.2.20
9.2.2
9.2.19
9.2.18
9.2.17
9.2.16
9.2.15
9.2.14
9.2.1
9.2
9.1.9
9.1.8
9.1.7
9.1.6
9.1.5
9.1.4
9.1.3
9.1.24
9.1.23
9.1.22
9.1.21
9.1.20
9.1.2
9.1.19
9.1.12
9.1.11
9.1.10
9.1.1
9.1
9.0.9
9.0.8
9.0.7
9.0.6
9.0.5
9.0.4
9.0.3
9.0.23
9.0.21
9.0.20
9.0.2
9.0.18
9.0.17
9.0.16
9.0.15
9.0.14
9.0.13
9.0.12
9.0.11
9.0.10
9.0.1
9.0
8.4.9
8.4.8
8.4.7
8.4.6
8.4.5
8.4.4
8.4.3
8.4.22
8.4.21
8.4.20
8.4.2
8.4.19
8.4.18
8.4.17
8.4.16
See more versions on NVD

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 6.9/10
Impact Subscore: 10/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://lists.suse.com/pipermail/sle-security-updates/2017-November/003420.html
https://bugzilla.suse.com/show_bug.cgi?id=1062722
https://www.exploit-db.com/exploits/45184/
https://www.suse.com/de-de/security/cve/CVE-2017-14798/

Related CVE
CVE-2019-9193
** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser ...
CVE-2018-10936
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle atta...
CVE-2016-7048
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could...
CVE-2018-10915
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untru...
CVE-2018-1115
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect to ...
CVE-2018-1058
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 ar...

Copyright 2019, cxsecurity.com

 
